| Other > Viruses and worms |
| Recurring requests for reboot |
| << < (2/6) > >> |
| thughes4050:
There are no warnings associated with my system it simply tells me that avast needs to reboot. I tell it no and go about my business right now and there doesn't seem to be any problems, additional warnings, or further avast activity. |
| hap66:
Yeah System restore didn't work, not much change. avast! is still asking for reboot at random times, but no more warnings about modified programs. I checked the ashdisp at virustotal and it came up with this: File Ashdisp.exe received on 12.31.2007 19:12:14 (CET)Antivirus Version Last Update Result AhnLab-V3 2008.1.1.10 2007.12.31 - AntiVir 7.6.0.46 2007.12.31 - Authentium 4.93.8 2007.12.30 W32/Virtumonde.OQ Avast 4.7.1098.0 2007.12.31 - AVG 7.5.0.516 2007.12.31 Dropper.Agent.GIT BitDefender 7.2 2007.12.31 Trojan.Dropper.Vundo.D CAT-QuickHeal 9.00 2007.12.31 - ClamAV 0.91.2 2007.12.31 Trojan.Dropper-3531 DrWeb 4.44.0.09170 2007.12.31 Trojan.MulDrop.10006 eSafe 7.0.15.0 2007.12.31 - eTrust-Vet 31.3.5419 2007.12.31 Win32/Trats.A Ewido 4.0 2007.12.31 Dropper.Agent.dgo FileAdvisor 1 2007.12.31 - Fortinet 3.14.0.0 2007.12.31 - F-Prot 4.4.2.54 2007.12.31 W32/Virtumonde.OQ F-Secure 6.70.13030.0 2007.12.31 Trojan-Dropper.Win32.Agent.dgo Ikarus T3.1.1.15 2007.12.31 Trojan-Dropper.Win32.Agent.dgo Kaspersky 7.0.0.125 2007.12.31 Trojan-Dropper.Win32.Agent.dgo McAfee 5195 2007.12.28 - Microsoft 1.3109 2007.12.31 Virus:Win32/Trats.C NOD32v2 2758 2007.12.31 Win32/TrojanDropper.Agent.DGO Norman 5.80.02 2007.12.31 - Panda 9.0.0.4 2007.12.31 - Prevx1 V2 2007.12.31 - Rising 20.24.52.00 2007.12.29 - Sophos 4.24.0 2007.12.31 W32/VirtInf-B Sunbelt 2.2.907.0 2007.12.30 - Symantec 10 2007.12.31 W32.Trats!inf TheHacker 6.2.9.175 2007.12.29 - VBA32 3.12.2.5 2007.12.29 Trojan-Dropper.Win32.Agent.dgo VirusBuster 4.3.26:9 2007.12.31 Win32.Trats.Gen Webwasher-Gateway 6.6.2 2007.12.31 - Additional information File size: 445952 bytes MD5: 3d41044c8737ef95dbfa75c9647c36b5 SHA1: aa8fe969ece2211fc578f21d0df39cfffa20f7ff PEiD: - is this a bad thing? |
| Lisandro:
--- Quote from: hap66 on December 31, 2007, 07:39:28 PM ---is this a bad thing? --- End quote --- Yes... you're infected with Virtumonde. Maybe this help: http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99&tabid=3 |
| hap66:
Ran the symantec tool, but it came up saying "Adware.VirtuMonde has not been found on your computer." Even checked the registry to delete the said subkeys, but none of the ones listed in the instructions were in there. Is there another way to fix this infection, and is it safe for me to do things like online banking on this computer? And avast! isn't asking for reboot anymore. |
| oldman:
Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall. Also download but do not use yet [*]Download RenV.exe by sUBs to your desktop [/list] You will also need hijackthis Click here to download HJTsetup.exe [*]Save HJTsetup.exe to your desktop. [*]Doubleclick on the HJTsetup.exe icon on your desktop. [*]By default it will install to C:\Program Files\Hijack This. [*]Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue. [*]Put a check by Create a desktop icon then click Next again. [*]Continue to follow the rest of the prompts from there. [*]At the final dialogue box click Finish and it will launch Hijack This. [*]Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. [*]Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. [*]Come back here to this thread and Paste the log in your next reply. [*]DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. [/list] |
| Navigation |
| Message Index |
| Next page |
| Previous page |